eBay

belles-postingid · ‎04-14-2016

I have recently finished up cleaning up my 300+ listings. My account was switched to the new listing tool many months ago, no problems with that.

I started reducing the number of words in my listings. (Making them better for mobile) Recently a new very long script has appeared in my Html. It seems to radomly appear in both old and new listings. Searching the web and a quick search on the boards, I find nothing.

It took me a while to get a listing services scripts to stop appearing. Now this one. Anyone else seeing this? I want to remove it and not have it return. It is a bit scary looking.

I have disabled the script below by posting a lot of XXX through out it. Help please!!!!

berserkerplanet · ‎04-14-2016

Looked at the script, but didn't spend a ton of time trying to completely analyze it, but in general it appears to be targeting login credential of some sort. Because the element names it references seem so obscure/specific (lpcurruserelt, 'lpcurrpasselt'), I guessed it might target something very specific (but not scraping eBay credentials).

Googling 'lpcurruserelt' produced a hit and what looks like the explanation (a lot of the code looks identical):

http://webcache.googleusercontent.com/search?q=cache:jRwNBGHL_3YJ:https://forums.lastpass.com/viewto...

Are you running lastpass and using a lastpass browser plugin?

It looks like it's either a bug in the plugin or just plain crazy behavior by the plugin (which I have no clue about - although I assume the plugin is used for on the fly password management, but can't fathom why it would be injecting code.)

If not using a LastPass plugin, I would be more concerned about where the code injection is originating.

berserkerplanet · ‎04-14-2016

Here's another LastPass forum post that is a bit more straigtforward (and doesn't need to be accessed via Google cache) that is almost exactly your issue, but for Spotify:

https://forums.lastpass.com/viewtopic.php?f=12&t=190995&p=634135&hilit=lpcurruserelt#p634135

browndogsimmons_3 · ‎04-15-2016

If you atre not using "lastpass" you need to be worried. Even if you are and have not copied a page that would have this script in it I would still be worried. You definately need to check your clipboard history.

belles-postingid · ‎04-15-2016

I do have LastPass. The paid version.

It is odd how it appears in the HTML of some listings and not the others. It started appearing about a week ago. Only out of the ordinary thing I can think of is a Windows 10 update.

Interesting that the other person had it radomly appear also.

I appreciate the answers. Gives me a place to start.

berserkerplanet · ‎04-15-2016

I don't know much about lastpass (and don't want to as I don't "do" the cloud - Snowden, general security issues, incompetent cloud providers, loss of ultimate data control, etc, Back when Bill Gates espoused it 20+ years ago I said "wouldn't be prudent, isn't gonna happen" 🙂 Anywho...

Got the impression from the two lastpass forum posts that the lastpass browser plugin either has/had a bug or is exhibiting weird behavior. You didn't say if you were using the plugin (which I assume is optional?).

The solution appeared to be to disable lastpass while performing the functions where it is injecting the script code (like creating/editing eBay listings in your case) Actually I was surprised that the issue in those two threads was not addressed by lastpass folk or that community.

You might look through here also: https://lastpass.com/support.php?cmd=getproductfaq&product=plugin_ff

(You didn't provide any details about your browser so I just assumed Firefox)

browndogsimmons_3 · ‎04-15-2016

If you really want to see what happens after you click on anything just right click on the link or button (user name-login page-feedback number) then click copy link target, then go to this site https://hybrid-analysis.com and check the URL. You can also check files. It gives you much better data than any other I used. Do both of the first 2 options (kernel and user).

hersee11 · ‎07-19-2016

This occured to me when revising a listing and while in the non-HTML description editor pressing Ctrl+F to find something on the page using Firefox.

As the find in page toolbar slid up the script was inserted at the position of the text caret. The script was not in the clipboard but was clearly inserted by LastPass (after I noticed the occurances of 'lp' and 'password' I assumed it was the addon).

I'm guessing something with eBay's editor conflicts with LastPass where it believes it to be a login form or similar.

scatsumner · ‎07-29-2016

I can confirm that I was having this same issue under my eBay selling ID when:

1. Logging into eBay using LastPass Premium

2. Using Firefox

3. Creating a listing

4. Pasting text into the Item description box.

As with you all, same problem, reams of HTML verbiage added to the end of my item description. I hadn't even noticed that the HTML made reference to LastPass, an important clue to the problem, so I appreciate that heads-up here.

This week I opened a support ticket with LastPass referring them to this thread, and they responded: that I was using an out-of-date LastPass extension to Firefox, version 3.3.1. LastPass told me:

"Please uninstall your current version - https://lastpass.com/support.php?cmd=showfaq&id=185

Once uninstalleed, click on the download button at https://lastpass.com/lastpassffx/ to install LastPass version 4"

and indeed, doing that seemed to fix it for me.

drakkordragon · ‎05-01-2017

Was having the same problem after revising all my listing since receiving eBay messages about them containing Scripts that I didn't added. I thought it was a bug with the new eBay listing page and wanted to complain to them to stop injecting script into my HTML listing, but after reading this thread I am going to install the new LastPass for Firfox and see how it goes. THANKS!!

provits · ‎07-05-2018

It is still doing it in version 4

barneys_toy_shop · ‎08-08-2018

For this month's "Ostritch Sticking It's Head into Sand" award, LastPass calls this a feature and not a bug.

Here are the seven basic steps that you should automatically know and intuitively understand (apparently) to make a popular site like eBay work properly with the LastPass plugin (who I'm assured DEFINITELY isn't at fault for this, because it's a feature, not a bug. Sigh.) :

Go to LastPass Vault
Go to Account Settings
Click on Never URLS
Click 'Add'
Pick 'Never Do Anything' from the Menu
Add bulksell.ebay.com/ws/eBayISAPI.dll (customize url to fit your region - aka co.uk, .ie)
Click 'Add'

See? Simple as basic neurosurgery.